<?php
/* FILE: process_submit.php
 * DESCRIPTION: Process called when the user presses the login button on index.php
 * POST DATA: user_name, user_pass
 * GET DATA: N/A
 */
 
// Inialize session
session_start();

// Include database connection settings
include('config.inc');

// Retrieve user_email and user_pass from database according to user's input
$loginQuery = 
	"SELECT * FROM user WHERE (user_name = '" 
	. mysql_real_escape_string($_POST['user_name']) 
	. "') and (user_pass = '" 
	. mysql_real_escape_string(md5($_POST['user_pass'])) 
	. "')";
if(!$login = mysql_query($loginQuery))
{
	die($loginQuery);
}

// Check user_email and user_pass match
if (mysql_num_rows($login) == 1) 
{
	// Set user_email session variable
	$_SESSION['user_name'] = $_POST['user_name'];
	// Update time of last login
	$updateLogin = 
		"UPDATE user SET user_last_login = '" 
		. $_SERVER['REQUEST_TIME'] 
		. "' WHERE user_name = '" 
		. $_POST['user_name'] 
		. "';";
	if(!mysql_query($updateLogin))
	{
		die($updateLogin);
	}
	// Jump to secured page
	header('Location: index_secure.php');
}
else 
{
	// Jump to login page
	header('Location: index.php?err=ncf');
}

?>